This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 57.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
I recently upgraded one of the Exchange Mailbox 2016 Servers with CU19 while the other one is still running on CU11. After upgrading the second mailbox server to CU19, first mailbox server (CU11) can't send mails to another mailbox server (CU19) and vice-versa. Getting "Exchange Auth Failure". When checked logs, getting "target machine actively refused the connection". Default receive connector is having "Exch. Server Auth." enabled. I am even able to TELNET both the mailbox servers from each other. No SMTP inspection enables on firewalls. Any ideas please?
Hi @Lucas Liu-MSFT ,
Resolved the issue.
Got an alert in Event Viewer regarding the SMTP certificate binding and missing entry in ROUTING GROUP MEMBER in Active Directory.
Edited the Active Driectroy (ADSIEdit) and added the second MBX server in the routinggroupmembers attribute. Also, removed the certificate and re-installed and inter-mailbox server traffic was up and running.
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 22%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Hi @RAJEEV GUJRAL ,
I am glad to hear that this issue have been sovled.
Thanks for sharing the specific solution, this will help more poeple who have the same issue.
Hi @RAJEEV GUJRAL ,
Are the two Exchange servers in the same domain?
Can mailbox in these two Exchange servers send mail to external recipients or receive mail from external senders?
Are there any non-delivery reports generated when the email fails to be sent? If so, please share the complete report with us, please noted that covering your personal information.
Microsoft does not recommend deploying any firewall or network equipment between internal Exchange servers. Please make sure that all communications and traffic between your internal Exchange servers are not restricted, and make sure that you open all ports required by Exchange. In addition, if possible, please try to temporarily turn off the firewall to check whether the mail can be sent successfully.
For more information you could refer to: Network ports for clients and mail flow in Exchange
The following screenshot is the defaul settings of Default receive connector in exchange server, you can compare with the receive connector in your environment.
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Mentioned below are responses to your queries.
Are the two Exchange servers in the same domain?
YES
Can mailbox in these two Exchange servers send mail to external recipients or receive mail from external senders?
YES
Are there any non-delivery reports generated when the email fails to be sent? If so, please share the complete report with us, please noted that covering your personal information.
NO
Microsoft does not recommend deploying any firewall or network equipment between internal Exchange servers.
NO FIREWALL BETWEEN SERVERS (already mentioned in query)
The following screenshot is the defaul settings of Default receive connector in exchange server, you can compare with the receive connector in your environment.
NO CHANGE OBSERVED (already mentioned in query that RECEIVE CONNECTORS CONFIG is OK and as per MS)
I was told by my friend that could be a .NET FRAMEWORK/ CU compatibility issue. MBX1 is CU11 while MBX2 is CU19.
Hi @RAJEEV GUJRAL ,
1.Where did you get the error "Exchange Auth Failure"? In addition, in order to better solve this issue, please share the complete error information with us, pay attention to covering your personal information.
2.Although I don’t have the same CU coexistence environment as you. I use different coexistence environments of .NET Framework without similar issue. If you want to rule out the problem caused by the .NET Framework, and considering that Exchange CU11 is an older version, you can try to upgrade it to the latest version to see if the issue exists.
3.Please send a test email and run the following command to check the message tracking log. Confirm the email at which step the issue occurred.
Get-Messagetrackinglog –Start “” –End “” –Sender “” –Messagesubject “”
4.Please view queue viewer in Exchange toolbox and see if there any email stacked, If so, please pay attention to whether there is any relevant information in "last error".
Hi @Lucas Liu-MSFT ,
Get-Queue | where {$_.Status -eq 'Retry'} | fl
DeliveryType : SmtpDeliveryToMailbox
NextHopDomain : xxxdb
TlsDomain :
Status : Retry
MessageCount : 2
LastError : [{LED=451 4.4.395 Target host responded with error. -> 451 5.7.3 Cannot achieve
Exchange Server authentication};{MSG=};{FQDN=xx.xx.xx.xx};{IP=xx.xx.xx.xx};{LRT=3/25/2021 8:35:42 AM}]
RetryCount : 0
LastRetryTime : 25-03-2021 14:05:42
NextRetryTime : 25-03-2021 14:10:43
FirstRetryTime : 25-03-2021 14:05:43
NextHopCategory : Internal
(2) For CU upgrade, I am planning for it in next week.
(3) Output of message tracking log.
25-03-2021 14:06:22 RECEIVE STOREDRIVER xxx@Raja Mohan ... {rrr@... Test Email
25-03-2021 14:06:22 SUBMIT STOREDRIVER xxx@Raja Mohan ... {rrr@... Test Email
25-03-2021 14:06:22 HAREDIRECTFAIL SMTP xxx@Raja Mohan ... {rrr@.. Test Email
25-03-2021 14:06:22 RECEIVE SMTP xxx@Raja Mohan ... {rrr@... Test Email
25-03-2021 14:06:22 AGENTINFO AGENT xxx@Raja Mohan ... {rrr@... Test Email
(4.) Queue-Viewer is also giving the same message as show in 1 above.
: [{LED=451 4.4.395 Target host responded with error. -> 451 5.7.3 Cannot achieve Exchange Server authentication};{MSG=};{FQDN=xx.xx.xx.xx};{IP=xx.xx.xx.xx};{LRT=3/25/2021 8:35:42 AM}]
Regards,
Hi @RAJEEV GUJRAL ,
According to the error information, pease check if there is a specific "Remote address" set on the receiver connectors. The default conditions are as follows, if there is no specific setting, please try to add the IP of another Exchange server to the Default receive connector with Exchange Server Authentication enabled. And please also check the FQND value in this receive connector.
Looking forward to your updated results
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.